https support - Githubissues

craigbarratt / hass-pyscript-jupyter

Jupyter kernel shim to connect to HASS pyscript

Apache License 2.0

61 stars 10 forks source link

https support #16

Open fizcris opened 3 years ago

fizcris commented 3 years ago

Is there an easy way to make it work with https?

Without having to set up a reverse proxy...

Dilergore commented 3 years ago

I kinda have the same question. Just set up https for HomeAssistant, modified the pyscript.conf file accordingly and now it seems like it is not working.

Dilergore commented 3 years ago

Okay, so my working setup is:

Home Assistant set to SSL
- using Let's encrypt (using CloudFlare challange)
- server.domain.com is the domain which this way has an externally valid cert
My external URL is homeassistant.domain.com
- This is a CNAME record pointing to server.domain.com
- Externally my router only accepting traffic from the CloudFlare edge
- On CloudFlare I have proxy mode set for this traffic
- My router is forwarding port 443 to the private IP of my HomeAssistant and to port 8123
Internally server.domain.com points to the private IP of my HomeAssistant
pyscript.conf is set to
- hass_host pointing to server.domain.com
- hass_url pointing to https://server.domain.com:8123

I think what we are missing is a flag in the pyscript.conf to accept untrusted SSL then it would work without needing a valid cert locally.

charlesbaynham commented 2 years ago

For my 2-cents, I was having the same trouble accessing the kernel from my LAN. The problem seemed to that

Direct internal access didn't work because the HTTPS certificate is invalid, since it points to my domain
Accessing via the domain worked for HTTPS, but then failed when Jupyter (or pyscript?) attempt to launch a connection on a randomised, high port number. These aren't forwarded through the router, so it fails.

To fix it, I enabled port forwarding from my router to my HA instance of all ports above 9999. This rewrites local accesses to the device, but also exposes those ports externally. That might be what you want: I didn't, so I also added a firewall rule preventing WAN access to the same ports on the router.

acambitsis commented 2 years ago

Thanks for the above solution. Would be great if there was a flag to ignore invalid cert for local https access?

derkork commented 2 years ago

As @charlesbaynham wrote, accessing behind a reverse proxy doesn't work because the reverse proxy will not forward the randomized ports. Would it be possible to support this usage scenario?

zeratax commented 6 months ago

i use a self signed cert and even though I installed the cert locally python still rejects it, which is probably also why i can’t connect via jupyter.

i see that this pr mentioned should allow me to just disable the check, but i don’t think the current released version includes this? the pyscript.conf doesn’t show this option and adding it doesn’t seem to do anything.

can i directly install the latest version or is this getting another release?

mikejhill commented 2 months ago

@zeratax for what it's worth, I was able to successfully manually apply the current master and use the new parameter from @acambitsis's changes in https://github.com/craigbarratt/hass-pyscript-jupyter/pull/21.

Current master: https://github.com/craigbarratt/hass-pyscript-jupyter/tree/a30ad3cf0dd3f5af2b57a8b39a9fa11f501db1d4

Pull the hass_pyscript_kernel directory and use to replace contents of site-packages/hass_pyscript_kernel/.
Remove __pycache__ in the same directory if present.
Add verify_ssl = False to pyscript.conf.